cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
827
Views
0
Helpful
5
Replies

ASA 5545-X

satya mothukuri
Level 1
Level 1

 

   Hi All,

   I am planing to implement asa 5545X firewall in place of juniper firewall. We have having cloud proxy now, but we have much problem with cloud proxy for some applications and trusted sites. Now i want to know

  1. can i build my network in such a way, some sites ASA can do proxy(content not required for this) and rest i can push to cloud?
  2. I am going to use 2 ASA's as active and standby, So can i use the standby ASA for proxy filter. So that ASA load will be less.

    Thanks in advance.

 Regards,

 Satya.M

1 Accepted Solution

Accepted Solutions

we are have a plan to get SF-ASA-CX-9.1-K8, which is software based. Now i want to know can we do Proxy on this.

No, the ASA-CX is not a proxy. A Cisco Web Security Appliance (WSA) for example is a proxy. The CX is a transparent gateway where then data gets inspected and allowed/denied while the data flows through.

View solution in original post

5 Replies 5

1) First of all, you have to define what you want from that proxy. The ASA is an application inspection gateway that sits transparently in the traffic-flow. That's much different then what a traditional proxy does. Of course you can provide extra security with L7-inspection. For that you need a software module which can be the ASA CX or the FirePower (SourceFire).

2) No, the standby ASA is *only* a backup for the primary ASA in case of a failure. There is no loadsharing in active/standby.

 

 Tnx Karsten, we are have a plan to get SF-ASA-CX-9.1-K8, which is software based. Now i want to know can we do Proxy on this.Any document on proxy config will be helpful.

 

Thanks,

Satya.M

we are have a plan to get SF-ASA-CX-9.1-K8, which is software based. Now i want to know can we do Proxy on this.

No, the ASA-CX is not a proxy. A Cisco Web Security Appliance (WSA) for example is a proxy. The CX is a transparent gateway where then data gets inspected and allowed/denied while the data flows through.

nkarthikeyan
Level 7
Level 7

Hi,

 

I am not sure, how better you can do proxy using cisco asa... but for your question 2: you cannot make use of the standby one to do anything... that can take traffic only when it becomes traffic... it takes only management and sync traffic when it is in standby mode.

 

Regards

Karthik

 

  Thnaks Karthik, wish Cisco does such things in future :)

  Regards,

  Satya.M

 

 

Review Cisco Networking for a $25 gift card